Abusing Web Applications
Posted 2005-10-25 17:05 by Christopher
Acidus from Most Significant Bit Labs has released a tool called TinyDisk that stores files in WORM (Write Once Read Many) fashion on a web application. Storing files this way is not significant in itself; what is different is that TinyDisk saves the file in someone else's web application.
By probing the limits of the site (in this case, TinyURL), Acidus was able to store AES-encrypted, Base-64-encoded files as URLs in TinyURL's database. The files can then be retrieved simply by asking for the URLs and reversing the encoding and encryption steps. This is not unique to TinyURL; many sites could be "abused" the same way.
Acidus' presentation "Layer 7 Fun: Extending Web Applications in interesting ways" can be found here.
The lesson in this? Always validate ALL input from untrusted sources. Not validating input is #1 on the OWASP Top Ten Most Critical Web Application Security Vulnerabilities.
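As an added illustration of that lesson (example code written for this post, not part of TinyDisk or of TinyURL), here is the kind of server-side check a URL shortener could apply before storing a submission. The limits, the allowed schemes, the hostname grammar and the "looks like an opaque data blob" heuristic are all assumptions chosen for the example; the point is that the service only stores what it actually offers to store, a well-formed http(s) URL of bounded length, rather than arbitrary bytes that happen to arrive in the URL field.

```python
import re
from urllib.parse import urlsplit

# Constructed policy values (assumptions for this example, not from the post).
MAX_URL_LENGTH = 2048
ALLOWED_SCHEMES = {"http", "https"}
# DNS-style hostname: dotted labels, letters-only top-level label.
# (Deliberately rejects bare IPs and single-label hosts; loosen if your service needs them.)
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)
# A run of 200+ Base-64 alphabet characters with no path structure is far more
# likely to be smuggled data than a link a person wants shortened.
BASE64_RUN_RE = re.compile(r"[A-Za-z0-9+/=]{200,}")


def validate_shortener_input(raw: str) -> tuple[bool, str]:
    """Decide whether a submitted 'long URL' may be stored. Returns (accepted, reason)."""
    if not isinstance(raw, str):
        return False, "not a string"
    if len(raw) > MAX_URL_LENGTH:
        return False, f"longer than {MAX_URL_LENGTH} characters"
    # Only printable ASCII; raw URLs should already be percent-encoded.
    if any(not 0x21 <= ord(c) <= 0x7E for c in raw):
        return False, "whitespace, control or non-ASCII characters"
    try:
        parts = urlsplit(raw)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not http/https"
    host = parts.hostname or ""
    if not HOSTNAME_RE.match(host):
        return False, "invalid hostname"
    if BASE64_RUN_RE.search(parts.path + parts.query):
        return False, "opaque data blob in path/query"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions: two ordinary links and three that a
    # shortener has no reason to accept.
    samples = [
        "https://example.com/some/page?id=5",
        "https://example.com/search?q=hello+world&page=2",
        "ftp://example.com/x",
        "javascript:alert(1)",
        "http://example.com/" + "A" * 300,   # Base-64-looking payload in the path
    ]
    for s in samples:
        ok, why = validate_shortener_input(s)
        print(f"{'ACCEPT' if ok else 'REJECT':6} {why:45} {s[:60]}")
```

The length cap and the blob heuristic are the two checks that most directly cut off the TinyDisk pattern: an attacker who can only store a bounded, structurally plausible URL per record gets very little usable capacity, and a rejection reason in the log gives the operator something to alert on when one client starts tripping it repeatedly.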
